Greylisting -- Was: Anti Spam

Bart Silverstrim bsilver at chrononomicon.com
Mon Apr 30 19:08:01 UTC 2007


On Apr 30, 2007, at 4:36 AM, Ted Mittelstaedt wrote:

>
> I don't understand why people are focusing on trying to redesign
> the monitoring system I'm using.  Don't you have any imagination
> at all?  The point was that there are legitimate situations where
> the delays introduced by greylisting are a problem.  I used the
> monitoring system as an example to make it easy to grasp the
> point.  If it would help, I'll stop talking about it and use another
> example.

Probably because if this is truly a mission-critical, "if it fails  
you're going to lose your business" type system, there would be more  
redundancy than just relying on an email to your cell provider, because:
A) greylisting by its nature will not block you or delay you if  
you're legit and are registered legit
B) what happens when your cell is out of range, off for some reason,  
fell in the toilet, broken, etc.
C) what guarantee do you have your cell phone will be always working  
100% of the time
D) what if your monitoring system fails because something blocks or  
breaks email, period

You're making it sound as if greylisting is a terrible idea because  
once your failure system won't notify you for some unspecified period  
of time.  I, and others most likely, are saying that it wouldn't take  
much for you to get it working just fine whether the cell carrier  
used it or not.  And even then, you haven't made a case that ISPs or  
businesses still couldn't use it...the inconvenience you point out  
still could be worked around simply by doing what I suggested before,  
registering legit by periodically sending a quick message, and if you  
get "charged" for a short short message like that, then you probably  
need a new cell plan if that is pushing you over your free time, or  
start having your employer compensate you for using your personal  
equipment for business use.

> Sure, it's possible to modify the greylist to whitelist.

I thought most did.  That was part of the way they work.

> That
> implies that the sender knows greylisting is happening, knows
> how to get the recipient to whitelist, it implies the recipient
> is even willing to whitelist,  etc.

What greylist program are you using?  As I recall systems I've seen  
like Postgrey automatically track connections and after a certain  
number of connections will whitelist them, as they would be  
established as legitimate and, contrary to what your arguments make  
them out, greylisters aren't there just to slow down everyone's  
email.  Once established, they let the email right through.   You're  
making it sound like it's a huge undertaking to get this ability up  
and working.

> Imagine a cell company that puts in greylisting being deluged by
> 30% of their million-plus userbase requesting to be whitelisted
> for just the reason I cited.  Do you think it would be realistic
> for the cell company to do this?

Realistically the userbase wouldn't really even know.

It's the SAME thing that would happen if your email server were  
screwed up.  Your mail server should retry within a sane period of  
time.  The vast majority of your imaginary userbase would probably  
become whitelisted before they were even aware anything happened.  If  
the majority of those users are using a popular mail service, it's  
not like 30,000 users are making 30,000 requests to their server.   
The majority of those users are probably using addresses from  
hotmail, gmail, etc...so if 10,000 were on hotmail, 15,000 were on  
gmail, and 5,000 were on aol, what are the odds that there's not  
already a load of traffic between those sites to the greylisting site?
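
The behaviour discussed in this message (a first attempt is deferred, a retrying server gets through, and an established client is then passed without delay) can be modelled as follows. This is an added example, not part of the original post and not Postgrey's code; the 300-second delay, the threshold of 5, the retry interval and all addresses are constructed assumptions, and triplet expiry is not modelled.

```python
"""Toy greylisting model: per-triplet delay plus per-client auto-whitelist."""

DELAY = 300         # seconds a new triplet must wait (assumed value)
AWL_THRESHOLD = 5   # passed deliveries before a client IP is whitelisted (assumed)


class Greylist:
    def __init__(self, delay=DELAY, awl_threshold=AWL_THRESHOLD):
        self.delay = delay
        self.awl_threshold = awl_threshold
        self.first_seen = {}  # (client_ip, sender, recipient) -> first attempt time
        self.passed = {}      # client_ip -> deliveries that passed greylisting

    def check(self, now, client_ip, sender, recipient):
        """Return 'accept' or 'defer' (a temporary 4xx reply) for one attempt."""
        if self.passed.get(client_ip, 0) >= self.awl_threshold:
            return "accept"  # client is auto-whitelisted, no triplet check
        triplet = (client_ip, sender.lower(), recipient.lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:
            return "defer"   # too soon: a real MTA queues and retries
        self.passed[client_ip] = self.passed.get(client_ip, 0) + 1
        return "accept"


def deliver(gl, start, client_ip, sender, recipient, retry_every=600, max_tries=5):
    """Simulate a sending host; return seconds of delay, or None if never accepted."""
    for attempt in range(max_tries):
        now = start + attempt * retry_every
        if gl.check(now, client_ip, sender, recipient) == "accept":
            return now - start
    return None


if __name__ == "__main__":
    gl = Greylist()
    # Constructed traffic: one large relay, six different senders, one per hour.
    for i in range(6):
        d = deliver(gl, i * 3600, "192.0.2.10", f"user{i}@example.org", "pager@example.net")
        print(f"relay message {i}: delayed {d}s")
    # A monitoring host with a fixed triplet: only the first alert is delayed.
    for t in (0, 86400):
        d = deliver(gl, t, "203.0.113.5", "monitor@example.com", "pager@example.net")
        print(f"monitor alert at t={t}: delayed {d}s")
    # A client that never retries (max_tries=1) is never accepted.
    print("no-retry client:", deliver(gl, 0, "198.51.100.7", "x@example.com",
                                      "pager@example.net", max_tries=1))
```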




More information about the freebsd-questions mailing list